Questions tagged with Service Control Policy
Content language: English
Select up to 5 tags to filter
Sort by most recent
Browse through the questions and answers listed below or filter and sort to narrow down your results.
I know we can (and have) locked down access to specific AWS regions. My question is, is it possible to lockdown AZ's with service control policies?
2
answers
0
votes
359
views
asked 2 years agolg...
Hello if you use the Region deny option in AWS Control Tower ist set the Guardrail: Deny access to AWS based on the requested AWS RegionInfo. In this Guardrail the SCP is missing the global Service...
1
answers
0
votes
617
views
asked 2 years agolg...
After attaching the above SCP policy to an account, I am unable (with Administrator access) to launch an instance with all the compliant tags. The policy is working fine when I deploy an instance with...
1
answers
0
votes
541
views
asked 2 years agolg...
I'm trying to set up permissions so that my users can create roles and policies and use them to give AWS resources access to other AWS resources, but not use them to give humans access to AWS...
2
answers
0
votes
1542
views
asked 2 years agolg...
Hello All,
Using Landing Zone. Each sub account has its own admin users. I would like to implement this as a service control policy from the main account.
We have a job workflow in github actions...
1
answers
0
votes
538
views
asked 2 years agolg...
We would like to control which services are available for use in which accounts and regions while still being able to review everything:
- Allow ReadOnly across all services in all regions
- Allow...
1
answers
2
votes
333
views
asked 2 years agolg...
I would like to create an SCP to enforce encryption on SNS creation. I am creating the below policy but it failed.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Statement1",
"Effect":...
1
answers
0
votes
507
views
asked 2 years agolg...
Hi,
I am searching for a (programmatically checkable) list of all API calls for AWS services.
Background is the usage of allow/deny of specific services in a service control policy (SCP).
For...
1
answers
0
votes
1317
views
asked 2 years agolg...
I want create a IAM policy/Tagging policy / SCP that should allow me to enforce user to create/add tags that are mandatory(mentioned in the policy), when they create resource(EC2,S3,VPC etc) on...
3
answers
0
votes
6094
views
asked 2 years agolg...